What makes a DDoS successful? I asked myself that question at the end of August when the central bank of Spain, Banco d’Espana, was hit by a DDoS attack that took its website temporarily offline. The bank issued a statement acknowledging the attack and stating that “no damage” had been done and its operations, as a central bank with no commercial arm, were not affected, implying that the attack was not successful. Meanwhile, the hacktivist group, Anonymous Catalonia, claimed responsibility and widely shared evidence that it had brought the bank’s web servers down worldwide.